Galaxy S23 Ultra Review ChatGPT and Microsoft Bing 5 Things New Bing Can Do How to Try New Bing Ozempic vs. Obesity Best Super Bowl Ads Super Bowl: How to Watch Massive Listeria Recall
Want CNET to notify you of price drops and the latest stories?
No, thank you
Accept

Google to ban external sources for Windows Chrome extensions

Google drops the ban-hammer on extensions for Chrome on Windows that are hosted outside the Chrome Web Store, citing security concerns.

Come January, the Chrome Web Store will be the only Windows source for Chrome extensions.
Screenshot by Seth Rosenblatt/CNET

For Google, it's not enough to warn you when an extension attempts to install from outside the Chrome Web Store. Starting in January, Windows users will be able to install extensions only from the official store, as Google blocks all other extension sources.

Erik Kay, Chrome's engineering director, wrote in a blog post that the current security mechanism isn't enough. It asks users if they want to install the extension when it comes from outside the Chrome Web Store, but "bad actors" have figured out how to bypass it.

The malicious extensions that get installed override browser settings and replace the New Tab page, a major gripe from Windows users, Kay said.

The change will affect Chrome stable, the version used by most people, and Chrome Beta. Chrome's developer's and Canary builds will remain unaffected. Google is encouraging developers of non-malicious extensions to migrate their extensions to the Chrome Web Store before January. Web site developers can use Chrome's inline installs feature, and businesses can use Enterprise policy.

While the change might have a deleterious effect on software that regularly installs extensions from outside the store, such as security suites, some of them have already moved their extensions to the Chrome Web Store. Others, Kay said, will be able to host their extensions in the store but with the listings hidden from search.